1*** Settings ***
2
3Documentation    VMI certificate exchange tests.
4
5Library          ../../lib/jobs_processing.py
6Resource         ../../lib/resource.robot
7Resource         ../../lib/bmc_redfish_resource.robot
8Resource         ../../lib/openbmc_ffdc.robot
9Resource         ../../lib/bmc_redfish_utils.robot
10Resource         ../../lib/utils.robot
11
12Suite Setup       Suite Setup Execution
13Test Teardown     FFDC On Test Case Fail
14Suite Teardown    Suite Teardown Execution
15
16
17*** Variables ***
18
19# users           User Name               password
20@{ADMIN}          admin_user              TestPwd123
21@{OPERATOR}       operator_user           TestPwd123
22@{ReadOnly}       readonly_user           TestPwd123
23@{NoAccess}       noaccess_user           TestPwd123
24&{USERS}          Administrator=${ADMIN}  Operator=${OPERATOR}  ReadOnly=${ReadOnly}
25...               NoAccess=${NoAccess}
26${VMI_BASE_URI}   /ibm/v1/
27
28
29*** Test Cases ***
30
31Get CSR Request Signed By VMI And Verify
32    [Documentation]  Get CSR request signed by VMI using different user roles and verify.
33    [Tags]  Get_CSR_Request_Signed_By_VMI_And_Verify
34    [Template]  Get Certificate Signed By VMI
35
36    # username           password             force_create  valid_csr  valid_status_code
37    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}
38
39    # Send CSR request from operator user.
40    operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
41
42    # Send CSR request from ReadOnly user.
43    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
44
45    # Send CSR request from NoAccess user.
46    noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
47
48
49Get Root Certificate Using Different Privilege Users Roles
50    [Documentation]  Get root certificate using different users.
51    [Tags]  Get_Root_Certificate_Using_Different_Users
52    [Template]  Get Root Certificate
53
54    # username     password    force_create  valid_csr  valid_status_code
55    # Request root certificate from admin user.
56    admin_user     TestPwd123  ${True}       ${True}    ${HTTP_OK}
57
58    # Request root certificate from operator user.
59    operator_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}
60
61    # Request root certificate from ReadOnly user.
62    readonly_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}
63
64    # Request root certificate from NoAccess user.
65    noaccess_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}
66
67
68Send CSR Request When VMI Is Off And Verify
69    [Documentation]  Send CSR signing request to VMI when it is off and expect an error.
70    [Tags]  Get_CSR_Request_When_VMI_Is_Off_And_verify
71    [Setup]  Redfish Power Off
72    [Teardown]  Run keywords  Redfish Power On  stack_mode=skip  AND  FFDC On Test Case Fail
73    [Template]  Get Certificate Signed By VMI
74
75    # username           password             force_create  valid_csr  valid_status_code         read_timeout
76    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_SERVICE_UNAVAILABLE}   60
77
78    # Send CSR request from operator user.
79    operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
80
81    # Send CSR request from ReadOnly user.
82    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
83
84    # Send CSR request from NoAccess user.
85    noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
86
87Get Corrupted CSR Request Signed By VMI And Verify
88    [Documentation]  Send corrupted CSR for signing and expect an error.
89    [Tags]  Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify
90    [Template]  Get Certificate Signed By VMI
91
92    # username           password             force_create  valid_csr   valid_status_code        read_timeout
93    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${False}    ${HTTP_SERVICE_UNAVAILABLE}    60
94
95    # Send CSR request from operator user.
96    operator_user        TestPwd123           ${False}      ${False}    ${HTTP_FORBIDDEN}
97
98    # Send CSR request from ReadOnly user.
99    readonly_user        TestPwd123           ${False}      ${False}    ${HTTP_FORBIDDEN}
100
101    # Send CSR request from NoAccess user.
102    noaccess_user        TestPwd123           ${False}      ${False}    ${HTTP_FORBIDDEN}
103
104Get Root Certificate When VMI Is Off And Verify
105    [Documentation]  Get root certificate when vmi is off and verify.
106    [Tags]  Get_Root_Certificate_When_VMI_Is_Off_And_Verify
107    [Setup]  Redfish Power Off
108    [Teardown]  Run keywords  Redfish Power On  stack_mode=skip  AND  FFDC On Test Case Fail
109    [Template]  Get Root Certificate
110
111    # username           password             force_create  valid_csr  valid_status_code
112    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}
113
114    # Request root certificate from operator user.
115    operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
116
117    # Request root certificate from ReadOnly user.
118    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
119
120    # Request root certificate from NoAccess user.
121    noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
122
123
124Get Root Certificate After BMC Reboot And Verify
125    [Documentation]  Get root certificate after bmc reboot and verify.
126    [Tags]  Get_Root_Certificate_After_BMC_Reboot_And_Verify
127    [Setup]  Run Keywords  OBMC Reboot (off)  AND  Redfish Power On
128    [Template]  Get Root Certificate
129
130    # username            password             force_create  valid_csr  valid_status_code
131    ${OPENBMC_USERNAME}   ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}
132
133    # Request root certificate from operator user.
134    operator_user         TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
135
136    # Request root certificate from ReadOnly user.
137    readonly_user         TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
138
139    # Request root certificate from NoAccess user.
140    noaccess_user         TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
141
142Get Concurrent Root Certificate Requests From Multiple Admin Users
143    [Documentation]  Get multiple concurrent root certificate requests from multiple admins
144    ...  and verify no errors.
145    [Tags]  Get_Concurrent_Root_Certificate_Requests_From_Multiple_Admin_Users
146
147    FOR  ${i}  IN RANGE  ${5}
148        ${dict}=  Execute Process Multi Keyword  ${5}
149        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
150        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
151        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
152        Dictionary Should Not Contain Value  ${dict}  False
153        ...  msg=One or more operations has failed.
154    END
155
156Get Concurrent CSR Requests From Multiple Admin Users
157    [Documentation]  Get multiple concurrent csr requests from multiple admins and verify no errors.
158    [Tags]  Get_Concurrent_CSR_Requests_From_Multiple_Admin_Users
159
160    FOR  ${i}  IN RANGE  ${5}
161        ${dict}=  Execute Process Multi Keyword  ${5}
162        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
163        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
164        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
165        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
166        Dictionary Should Not Contain Value  ${dict}  False
167        ...  msg=One or more operations has failed.
168    END
169
170Get Concurrent Corrupted CSR Requests From Multiple Admin Users
171    [Documentation]  Get multiple concurrent corrupted csr requests from multiple admins and verify no errors.
172    [Tags]  Get_Concurrent_Corrupted_CSR_Requests_From_Multiple_Admin_Users
173
174    FOR  ${i}  IN RANGE  ${5}
175        ${dict}=  Execute Process Multi Keyword  ${5}
176        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
177        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
178        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
179        Dictionary Should Not Contain Value  ${dict}  False
180        ...  msg=One or more operations has failed.
181    END
182
183Get Concurrent Root Certificate Request From Operator Users
184    [Documentation]  Get multiple concurrent root certificate from non admin users and verify no errors.
185    [Tags]  Get_Concurrent_Root_Certificate_Request_From_Operator_Users
186
187    FOR  ${i}  IN RANGE  ${5}
188        ${dict}=  Execute Process Multi Keyword  ${5}
189        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
190        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
191        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
192        Dictionary Should Not Contain Value  ${dict}  False
193        ...  msg=One or more operations has failed.
194    END
195
196Get Concurrent Root Certificate Request From Admin And Non Admin Users
197    [Documentation]  Get multiple concurrent root certificate from admin and non admin users
198    ...  and verify no errors.
199    [Tags]  Get_Concurrent_Root_Certificate_Request_From_Admin_And_Non_Admin_Users
200
201    FOR  ${i}  IN RANGE  ${5}
202        ${dict}=  Execute Process Multi Keyword  ${5}
203        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
204        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
205        ...  Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
206        Dictionary Should Not Contain Value  ${dict}  False
207        ...  msg=One or more operations has failed.
208    END
209
210Get Concurrent Root Certificate Request From Different Non Admin Users
211    [Documentation]  Get multiple concurrent root certificate from different non admin users
212    ...  and verify no errors.
213    [Tags]  Get_Concurrent_Root_Certificate_Request_From_Different_Non_Admin_Users
214
215    FOR  ${i}  IN RANGE  ${5}
216        ${dict}=  Execute Process Multi Keyword  ${5}
217        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
218        ...  Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
219        ...  Get Root Certificate noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
220        Dictionary Should Not Contain Value  ${dict}  False
221        ...  msg=One or more operations has failed.
222    END
223
224Get Concurrent CSR Request From Operator Users
225    [Documentation]  Get multiple concurrent csr request from non admin users and verify no errors.
226    [Tags]  Get_Concurrent_CSR_Request_From_Operator_Users
227
228    FOR  ${i}  IN RANGE  ${5}
229        ${dict}=  Execute Process Multi Keyword  ${5}
230        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
231        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
232        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
233        Dictionary Should Not Contain Value  ${dict}  False
234        ...  msg=One or more operations has failed.
235    END
236
237Get Root Certificate And Send CSR Request Concurrently And Verify
238    [Documentation]  Get root certificate and send csr request concurrently and
239    ...  verify gets root and signed certificate.
240    [Tags]  Get_Root_Certificate_And_Send_CSR_Request_Concurrently_And_Verify
241
242    FOR  ${i}  IN RANGE  ${5}
243        ${dict}=  Execute Process Multi Keyword  ${5}
244        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
245        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
246        Dictionary Should Not Contain Value  ${dict}  False
247        ...  msg=One or more operations has failed.
248    END
249
250Get Concurrent Root Certificate And Send CSR Request And Verify
251    [Documentation]  Get concurrent root certificate and send csr request
252    ...  and verify gets root certificate and signed certificate.
253    [Tags]  Get_Concurrent_Root_Certificate_And_Send_CSR_Request_And_Verify
254
255    FOR  ${i}  IN RANGE  ${5}
256        ${dict}=  Execute Process Multi Keyword  ${5}
257        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
258        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
259        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
260        Dictionary Should Not Contain Value  ${dict}  False
261        ...  msg=One or more operations has failed.
262    END
263
264Get Root Certificate And Send Multiple CSR Requests Concurrently And Verify
265    [Documentation]  Get root certificate and send multiple csr requests concurrently and
266    ...  verify gets root certificate and signed certificates.
267    [Tags]  Get_Root_Certificate_And_Send_Multiple_CSR_Requests_Concurrently_And_Verify
268
269    FOR  ${i}  IN RANGE  ${5}
270        ${dict}=  Execute Process Multi Keyword  ${5}
271        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
272        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
273        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
274        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
275        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
276        Dictionary Should Not Contain Value  ${dict}  False
277        ...  msg=One or more operations has failed.
278    END
279
280Get Root Certificate And Send Multiple Corrupted CSR Requests Concurrently And Verify
281    [Documentation]  Get root certificate and send multiple corrupted csr requests concurrently and
282    ...  verify gets root certificate and error for corrupted csr requests.
283    [Tags]  Get_Root_Certificate_And_Send_Multiple_Corrupted_CSR_Requests_Concurrently_And_Verify
284
285    FOR  ${i}  IN RANGE  ${5}
286        ${dict}=  Execute Process Multi Keyword  ${5}
287        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
288        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
289        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
290        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
291        Dictionary Should Not Contain Value  ${dict}  False
292        ...  msg=One or more operations has failed.
293    END
294
295Send Concurrent CSR Request And Corrupted CSR Request And Verify
296    [Documentation]  Send concurrent csr request and corrupted csr request
297    ...  and verify gets certificate for valid csr and error for corrupted csr.
298    [Tags]  Send_Concurrent_CSR_Request_And_Corrupted_CSR_Request_And_Verify
299
300    FOR  ${i}  IN RANGE  ${5}
301        ${dict}=  Execute Process Multi Keyword  ${5}
302        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
303        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
304        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
305        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
306        Dictionary Should Not Contain Value  ${dict}  False
307        ...  msg=One or more operations has failed.
308    END
309
310Get Root Certificate Send CSR And Corrupted CSR Request Concurrently And Verify
311    [Documentation]  Get root certificate send csr and corrupted csr requests concurrently and
312    ...  verify gets root certificate and certificate for valid csr and error for corrupted csr.
313    [Tags]  Get_Root_Certificate_Send_CSR_And_Corrupted_CSR_Request_Concurrently_And_Verify
314
315    FOR  ${i}  IN RANGE  ${5}
316        ${dict}=  Execute Process Multi Keyword  ${5}
317        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
318        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
319        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
320        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
321        Dictionary Should Not Contain Value  ${dict}  False
322        ...  msg=One or more operations has failed.
323    END
324
325Send Concurrent CSR Request From Admin And Non Admin Users And Verify
326    [Documentation]  Send concurrent csr requests from admin and non-admin users and verify
327    ...  admin gets certificate and non-admin gets error.
328    [Tags]  Send_Concurrent_CSR_Request_From_Admin_And_Non_Admin_Users_And_Verify
329
330    FOR  ${i}  IN RANGE  ${5}
331        ${dict}=  Execute Process Multi Keyword  ${5}
332        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
333        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
334        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
335        Dictionary Should Not Contain Value  ${dict}  False
336        ...  msg=One or more operations has failed.
337    END
338
339Send Concurrent CSR Request From Non Admin Users And Verify
340    [Documentation]  Send concurrent csr request from non admin users
341    ...  and verify gets error.
342    [Tags]  Send_Concurrent_CSR_Request_From_Non_Admin_Users_And_Verify
343
344    FOR  ${i}  IN RANGE  ${5}
345        ${dict}=  Execute Process Multi Keyword  ${5}
346        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
347        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
348        ...  Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
349        Dictionary Should Not Contain Value  ${dict}  False
350        ...  msg=One or more operations has failed.
351    END
352
353Get Root Certificate And Send Corrupted CSR From Admin CSR Request From Operator Concurrently
354    [Documentation]  Get root certificate and send corrupted csr request from admin and
355    ...  csr from operator concurrently and verify gets root certificate and errors for corrupted
356    ...  and for operator.
357    [Tags]  Get_Root_Certificate_And_Send_Corrupted_CSR_From_Admin_CSR_Request_From_Operator_Concurrently
358
359    FOR  ${i}  IN RANGE  ${5}
360        ${dict}=  Execute Process Multi Keyword  ${5}
361        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
362        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
363        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
364        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
365        Dictionary Should Not Contain Value  ${dict}  False
366        ...  msg=One or more operations has failed.
367    END
368
369Get Root Certificate From Operator And Send Corrupted CSR Request And CSR Request From Admin Concurrently
370    [Documentation]  Get root certificate from operator and send corrupted csr request
371    ...  and csr from admin and verify errors for operator and corrupted csr and signed certificate
372    ...  for valid csr.
373    [Tags]  Get_Root_Certificate_From_Operator_And_Send_Corrupted_CSR_Request_And_CSR_Request_From_Admin_Concurrently
374
375    FOR  ${i}  IN RANGE  ${5}
376        ${dict}=  Execute Process Multi Keyword  ${5}
377        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
378        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
379        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
380        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
381        Dictionary Should Not Contain Value  ${dict}  False
382        ...  msg=One or more operations has failed.
383    END
384
385
386Get Root Certificate From Operator And Admin Send CSR Request From Admin Concurrently
387    [Documentation]  Get root certificate from operator and admin and
388    ...  and send csr request from admin concurrently and verify error for operator
389    ...  and admin gets root and signed certificate.
390    [Tags]  Get_Root_Certificate_From_Operator_And_Admin_Send_CSR_Request_From_Admin_Concurrently
391
392    FOR  ${i}  IN RANGE  ${5}
393        ${dict}=  Execute Process Multi Keyword  ${5}
394        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
395        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
396        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
397        Dictionary Should Not Contain Value  ${dict}  False
398        ...  msg=One or more operations has failed.
399    END
400
401Send CSR Request From Admin And Operator And Corrupted CSR From Admin Concurrently And Verify
402    [Documentation]  Send csr request from admin and operator and corrupted
403    ...  csr request from admin and verify gets signed certificate for valid csr for admin
404    ...  gets error for operator and error for corrupted csr.
405    [Tags]  Send_CSR_Request_From_Admin_And_Operator_And_Corrupted_CSR_From_Admin_Concurrently_And_Verify
406
407    FOR  ${i}  IN RANGE  ${5}
408        ${dict}=  Execute Process Multi Keyword  ${5}
409        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
410        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
411        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
412        Dictionary Should Not Contain Value  ${dict}  False
413        ...  msg=One or more operations has failed.
414    END
415
416Send Corrupted CSR Requests From Admin And Operator And CSR Request From Admin Concurrently And Verify
417    [Documentation]  Send corrupted csr request from admin and operator and csr request
418    ...  from admin concurrently and verify errors for corrupted csr and gets signed certificate
419    ...  for valid csr from admin.
420    [Tags]  Send_Corrupted_CSR_Requests_From_Admin_And_Operator_And_CSR_Request_From_Admin_Concurrently_And_Verify
421
422    FOR  ${i}  IN RANGE  ${5}
423        ${dict}=  Execute Process Multi Keyword  ${5}
424        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
425        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
426        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
427        Dictionary Should Not Contain Value  ${dict}  False
428        ...  msg=One or more operations has failed.
429    END
430
431Send Corrupted CSR Requests From Admin And Operator User Concurrently And Verify
432    [Documentation]  Send corrupted csr requests from admin and operator and
433    ...  verify gets error.
434    [Tags]  Send_Corrupted_CSR_Requests_From_Admin_And_Operator_User_Concurrently_And_Verify
435
436    FOR  ${i}  IN RANGE  ${5}
437        ${dict}=  Execute Process Multi Keyword  ${5}
438        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
439        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
440        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
441        Dictionary Should Not Contain Value  ${dict}  False
442        ...  msg=One or more operations has failed.
443    END
444
445Get Root Certificate From Admin And Send CSR Requests From Non Admin Concurrently And Verify
446    [Documentation]  Get root certificate from admin and csr requests from
447    ...  non admin users concurrently and verify gets root certificate for admin and
448    ...  errors for non-admins.
449    [Tags]  Get_Root_Certificate_From_Admin_And_Send_CSR_Requests_From_Non_Admin_Concurrently_And_Verify
450
451    FOR  ${i}  IN RANGE  ${5}
452        ${dict}=  Execute Process Multi Keyword  ${5}
453        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
454        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
455        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
456        Dictionary Should Not Contain Value  ${dict}  False
457        ...  msg=One or more operations has failed.
458    END
459
460Get Root Certificate And Send CSR Requests From Non Admin Users Concurrently And Verify
461    [Documentation]  Get root certificate and send csr requests from non admin
462    ...  users and verify gets errors.
463    [Tags]  Get_Root_Certificate_And_Send_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify
464
465    FOR  ${i}  IN RANGE  ${5}
466        ${dict}=  Execute Process Multi Keyword  ${5}
467        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
468        ...  Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
469        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
470        ...  Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
471        Dictionary Should Not Contain Value  ${dict}  False
472        ...  msg=One or more operations has failed.
473    END
474
475Send Corrupted CSR Request From Admin And CSR Requests From Non Admin Concurrently And Verify
476    [Documentation]  Send corrupted csr request from admin and csr request from non admin
477    ...  users concurrently and verify gets errors.
478    [Tags]  Send_Corrupted_CSR_Request_From_Admin_And_CSR_Requests_From_Non_Admin_Concurrently_And_Verify
479
480    FOR  ${i}  IN RANGE  ${5}
481        ${dict}=  Execute Process Multi Keyword  ${5}
482        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
483        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
484        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
485        Dictionary Should Not Contain Value  ${dict}  False
486        ...  msg=One or more operations has failed.
487    END
488
489Send CSR Request And Corrupted CSR Requests From Non Admin Users Concurrently And Verify
490    [Documentation]  Send csr and corrupted csr request from non admin users
491    ...  and verify gets errors.
492    [Tags]  Send_CSR_Request_And_Corrupted_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify
493
494    FOR  ${i}  IN RANGE  ${5}
495        ${dict}=  Execute Process Multi Keyword  ${5}
496        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
497        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
498        ...  Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
499        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
500        Dictionary Should Not Contain Value  ${dict}  False
501        ...  msg=One or more operations has failed.
502    END
503
504Get Root Certificate And Send CSR Requests From Admin And Operator Concurrently And Verify
505    [Documentation]  Get root certificate from admin and send csr requests
506    ...  from admin and operator concurrently and verify gets root certificate
507    ...  and signed certificate and gets error for operator.
508    [Tags]  Get_Root_Certificate_And_Send_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify
509
510    FOR  ${i}  IN RANGE  ${5}
511        ${dict}=  Execute Process Multi Keyword  ${5}
512        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
513        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
514        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
515        Dictionary Should Not Contain Value  ${dict}  False
516        ...  msg=One or more operations has failed.
517    END
518
519
520Get Root Certificate And Send Corrupted CSR Requests From Admin And Operator Concurrently And Verify
521    [Documentation]  Get root certificate from admin and send corrupted csr requests
522    ...  from admin and operator concurrently and verify gets root certificate and errors
523    ...  for corrupted csr.
524    [Tags]  Get_Root_Certificate_And_Send_Corrupted_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify
525
526    FOR  ${i}  IN RANGE  ${5}
527        ${dict}=  Execute Process Multi Keyword  ${5}
528        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
529        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
530        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
531        Dictionary Should Not Contain Value  ${dict}  False
532        ...  msg=One or more operations has failed.
533    END
534
535*** Keywords ***
536
537Generate CSR String
538    [Documentation]  Generate a csr string.
539
540    # Note: Generates and returns csr string.
541    ${csr_gen_time} =  Get Current Date Time
542    ${CSR_FILE}=  Catenate  SEPARATOR=_  ${csr_gen_time}  csr_server.csr
543    ${CSR_KEY}=   Catenate  SEPARATOR=_  ${csr_gen_time}  csr_server.key
544    Set Test Variable  ${CSR_FILE}
545    Set Test Variable  ${CSR_KEY}
546    ${ssl_cmd}=  Set Variable  openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE}
547    ${ssl_sub}=  Set Variable
548    ...  -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com"
549
550    # Run openssl command to create a new private key and use that to generate a CSR string
551    # in server.csr file.
552    ${output}=  Run  ${ssl_cmd} ${ssl_sub}
553    ${csr}=  OperatingSystem.Get File  ${CSR_FILE}
554
555    [Return]  ${csr}
556
557
558Send CSR To VMI And Get Signed
559    [Documentation]  Upload CSR to VMI and get signed.
560    [Arguments]  ${csr}  ${force_create}  ${username}  ${password}  ${read_timeout}
561
562    # Description of argument(s):
563    # csr                    Certificate request from client to VMI.
564    # force_create           Create a new REST session if True.
565    # username               Username to create a REST session.
566    # password               Password to create a REST session.
567
568    Run Keyword If  "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
569    ...  Initialize OpenBMC  rest_username=${username}  rest_password=${password}
570
571    ${data}=  Create Dictionary
572    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
573    ...  Content-Type=application/json
574
575    ${cert_uri}=  Set Variable  ${VMI_BASE_URI}Host/Actions/SignCSR
576
577    # For SignCSR request, we need to pass CSR string generated by openssl command.
578    ${csr_data}=  Create Dictionary  CsrString  ${csr}
579    Set To Dictionary  ${data}  data  ${csr_data}
580
581    ${resp}=  Post Request  openbmc  ${cert_uri}  &{data}  headers=${headers}  timeout=${read_timeout}
582    Log to console  ${resp.content}
583
584    [Return]  ${resp}
585
586
587Get Root Certificate
588    [Documentation]  Get root certificate from VMI.
589    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}
590    ...  ${force_create}=${False}  ${valid_csr}=${True}  ${valid_status_code}=${HTTP_OK}
591
592    # Description of argument(s):
593    # cert_type          Type of the certificate requesting. eg. root or SignCSR.
594    # username           Username to create a REST session.
595    # password           Password to create a REST session.
596    # force_create       Create a new REST session if True.
597    # valid_csr          Uses valid CSR string in the REST request if True.
598    #                    This is not applicable for root certificate.
599    # valid_status_code  Expected status code from REST request.
600
601    Run Keyword If  "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
602    ...  Initialize OpenBMC  rest_username=${username}  rest_password=${password}
603
604    ${data}=  Create Dictionary
605    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
606    ...  Content-Type=application/json
607
608    ${cert_uri}=  Set Variable  ${VMI_BASE_URI}Host/Certificate/root
609
610    ${resp}=  Get Request  openbmc  ${cert_uri}  &{data}  headers=${headers}
611
612    Should Be Equal As Strings  ${resp.status_code}  ${valid_status_code}
613    Return From Keyword If  ${resp.status_code} != ${HTTP_OK}
614
615    ${cert}=  Evaluate  json.loads('''${resp.text}''', strict=False)  json
616    Should Contain  ${cert["Certificate"]}  BEGIN CERTIFICATE
617    Should Contain  ${cert["Certificate"]}  END CERTIFICATE
618
619
620Get Subject
621    [Documentation]  Generate a csr string.
622    [Arguments]  ${file_name}  ${is_csr_file}
623
624    # Description of argument(s):
625    # file_name          Name of CSR or signed CERT file.
626    # is_csr_file        A True value means a CSR while a False is for signed CERT file.
627
628    ${subject}=  Run Keyword If  ${is_csr_file}  Run  openssl req -in ${file_name} -text -noout | grep Subject:
629    ...   ELSE  Run  openssl x509 -in ${file_name} -text -noout | grep Subject:
630
631    [Return]  ${subject}
632
633
634Get Public Key
635    [Documentation]  Generate a csr string.
636    [Arguments]  ${file_name}  ${is_csr_file}
637
638    # Description of argument(s):
639    # file_name          Name of CSR or CERT file.
640    # is_csr_file        A True value means a CSR while a False is for signed CERT file.
641
642    ${PublicKey}=  Run Keyword If  ${is_csr_file}  Run  openssl req -in ${file_name} -noout -pubkey
643    ...   ELSE  Run  openssl x509 -in ${file_name} -noout -pubkey
644
645    [Return]  ${PublicKey}
646
647
648Get Certificate Signed By VMI
649    [Documentation]  Get signed certificate from VMI.
650    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}
651    ...  ${force_create}=${False}  ${valid_csr}=${True}  ${valid_status_code}=${HTTP_OK}
652    ...  ${read_timeout}=20
653
654    # Description of argument(s):
655    # cert_type          Type of the certificate requesting. eg. root or SignCSR.
656    # username           Username to create a REST session.
657    # password           Password to create a REST session.
658    # force_create       Create a new REST session if True.
659    # valid_csr          Uses valid CSR string in the REST request if True.
660    #                    This is not applicable for root certificate.
661    # valid_status_code  Expected status code from REST request.
662
663    Set Test Variable  ${CSR}  CSR
664    Set Test Variable  ${CORRUPTED_CSR}  CORRUPTED_CSR
665
666    ${CSR}=  Generate CSR String
667    ${csr_left}  ${csr_right}=  Split String From Right  ${CSR}  ==  1
668    ${CORRUPTED_CSR}=  Catenate  SEPARATOR=  ${csr_left}  \N  ${csr_right}
669
670    # For SignCSR request, we need to pass CSR string generated by openssl command
671    ${csr_str}=  Set Variable If  ${valid_csr} == ${True}  ${CSR}  ${CORRUPTED_CSR}
672
673    ${resp}=  Send CSR To VMI And Get Signed  ${csr_str}  ${force_create}  ${username}  ${password}
674    ...  ${read_timeout}
675
676    Should Be Equal As Strings  ${resp.status_code}  ${valid_status_code}
677    Return From Keyword If  ${resp.status_code} != ${HTTP_OK}
678
679    ${cert}=  Evaluate  json.loads('''${resp.text}''', strict=False)  json
680    Should Contain  ${cert["Certificate"]}  BEGIN CERTIFICATE
681    Should Contain  ${cert["Certificate"]}  END CERTIFICATE
682
683    # Now do subject and public key verification
684    ${subject_csr}=  Get Subject  ${CSR_FILE}  True
685    ${pubKey_csr}=  Get Public Key  ${CSR_FILE}  True
686
687    # create a crt file with certificate string
688    ${signed_cert}=  Set Variable  ${cert["Certificate"]}
689    ${testcert_gen_time} =  Get Current Date Time
690    ${test_cert_file}=   Catenate  SEPARATOR=_  ${testcert_gen_time}  test_certificate.cert
691
692    Create File  ${test_cert_file}  ${signed_cert}
693    ${subject_signed_csr}=  Get Subject   ${test_cert_file}  False
694    ${pubKey_signed_csr}=  Get Public Key  ${test_cert_file}  False
695
696    Should be equal as strings    ${subject_signed_csr}    ${subject_csr}
697    Should be equal as strings    ${pubKey_signed_csr}     ${pubKey_csr}
698
699
700Suite Setup Execution
701    [Documentation]  Suite setup execution.
702
703    Remove Files  *.csr  *.key  *.cert
704    # Create different user accounts.
705    Redfish.Login
706    Redfish Power On
707    Create Users With Different Roles  users=${USERS}  force=${True}
708
709
710Suite Teardown Execution
711    [Documentation]  Suite teardown execution.
712
713    Remove Files  *.csr  *.key  *.cert
714    Delete BMC Users Via Redfish  users=${USERS}
715    Delete All Sessions
716    Redfish.Logout
717